February 17, 2024

Multiple security vulnerabilities closed in Microsoft Office

Last Tuesday, known as Patch Tuesday, Microsoft rolled out important security updates for several Office products. These updates are crucial because they address multiple vulnerabilities that, if left unpatched, can be exploited by malicious parties for cyber attacks. Notably, proof-of-concept (PoC) code has been published for the most critical of these vulnerabilities, which underscores the urgency of these updates.

The Greatest Threat: CVE-2024-21413

The most alarming vulnerability, tracked as CVE-2024-21413, was discovered in the preview pane of Microsoft Office. This vulnerability allows attackers to execute arbitrary code, particularly in applications that use the preview pane, such as Outlook. The danger lies in how easily an attacker can trick an unsuspecting user into clicking on a malicious link. This vulnerability received a CVSS score of 9.8, highlighting its severity. The National Cyber Security Center (NCSC) has raised the security status to High/High following the publication of the PoC.

Additional Vulnerabilities and Risks

In addition to CVE-2024-21413, patches have also been released for vulnerabilities in other Office products, including Microsoft OneNote, Skype, Teams for Android and Word. It is important to note that the vulnerabilities in Skype and Teams for Android pose a risk particularly when an attacker has physical access to the device or can operate as a man-in-the-middle within the same network.

Preventive Measures

Microsoft has released the necessary updates to address these vulnerabilities. The Digital Trust Center strongly advises users to install these updates as soon as possible. For detailed information about the vulnerabilities, installation instructions and possible temporary fixes, please refer to the official security advisory.

Taking Action

Unsure whether you use the affected Office products, or has your IT management been outsourced? Contact your IT service provider immediately and request prompt action. Implementing these updates quickly is critical to ensuring your organization's digital security.

Conclusion

At a time when digital threats continue to evolve, these recent vulnerabilities in Microsoft Office products highlight the need for constant vigilance and proactive security measures. By acting quickly on the updates provided, organizations and individuals can protect themselves from potential cyber attacks and keep their digital environment safe. For assistance with automatic patching of all systems, contact ALTA-ICT.
